Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/cWYtzh97Y5xJyWvvO2tRRKHTSRI.roa
File:                     cWYtzh97Y5xJyWvvO2tRRKHTSRI.roa (raw, json)
Hash identifier:          BzWIY0juQizS+IaQgFB3CTCIx/YEVzGHMBmXB0jMJgA=
Subject key identifier:   71:66:2D:CE:1F:7B:63:9C:49:C9:6B:EF:3B:6B:51:44:A1:D3:49:12
Certificate issuer:       /CN=707f3dabaee24fc43b865aafa3f3c9c2f364bfc9
Certificate serial:       018CC801A2DF359537580DA012B4585890F2
Authority key identifier: 70:7F:3D:AB:AE:E2:4F:C4:3B:86:5A:AF:A3:F3:C9:C2:F3:64:BF:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cH89q67iT8Q7hlqvo_PJwvNkv8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/cWYtzh97Y5xJyWvvO2tRRKHTSRI.roa
Signing time:             Tue 02 Jan 2024 02:29:59 +0000
ROA not before:           Tue 02 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        193.23.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/cH89q67iT8Q7hlqvo_PJwvNkv8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/cH89q67iT8Q7hlqvo_PJwvNkv8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cH89q67iT8Q7hlqvo_PJwvNkv8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a2:df:35:95:37:58:0d:a0:12:b4:58:58:90:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=707f3dabaee24fc43b865aafa3f3c9c2f364bfc9
        Validity
            Not Before: Jan  2 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71662dce1f7b639c49c96bef3b6b5144a1d34912
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:47:5f:af:88:5e:d2:21:88:a2:10:de:3d:7b:
                    19:e9:e0:0b:70:30:22:52:17:bc:65:72:b5:6c:f3:
                    54:2d:2b:30:a7:de:4e:bc:87:46:48:8c:36:0a:6d:
                    28:8a:79:f1:e1:a9:eb:9d:a3:a0:60:1f:b6:78:fd:
                    24:a2:02:27:92:de:6a:c1:c5:90:a1:d8:ee:fe:37:
                    88:2a:04:51:b8:18:c1:fd:d4:eb:6d:a2:48:bb:b5:
                    97:a1:0b:39:5e:a8:cd:32:8b:02:8e:fa:1d:3a:b4:
                    eb:c0:bf:d7:a5:67:4c:66:cc:5e:72:c9:0c:03:c1:
                    0b:ad:04:59:e5:e2:a3:a6:0c:26:3a:3b:81:ed:6c:
                    8a:d7:39:6b:0d:03:d5:86:94:5f:c9:49:ae:ca:7b:
                    61:1d:13:0a:b1:0e:e8:19:ce:15:fc:6e:98:12:a5:
                    22:ad:18:d8:f9:fe:fe:7f:e1:cb:7d:a4:3f:6a:64:
                    a5:3b:44:2c:51:b3:f5:e1:d7:49:da:50:1c:84:b4:
                    84:36:95:e8:8a:17:b1:3e:46:bf:a7:6e:e0:ae:0b:
                    f0:8f:2c:4a:4b:bc:c2:e7:55:52:b3:4b:cb:2b:d2:
                    7e:2b:14:31:29:0a:cf:3b:ed:29:88:ad:39:0f:0d:
                    b8:4e:00:6b:fa:8b:b7:2b:7f:fd:b5:6a:54:8e:2a:
                    5e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:66:2D:CE:1F:7B:63:9C:49:C9:6B:EF:3B:6B:51:44:A1:D3:49:12
            X509v3 Authority Key Identifier:
                keyid:70:7F:3D:AB:AE:E2:4F:C4:3B:86:5A:AF:A3:F3:C9:C2:F3:64:BF:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cH89q67iT8Q7hlqvo_PJwvNkv8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/cWYtzh97Y5xJyWvvO2tRRKHTSRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/cH89q67iT8Q7hlqvo_PJwvNkv8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:f9:9d:f7:48:6e:89:02:6e:65:d4:dd:a5:d7:1d:99:ba:df:
         41:86:1f:0f:b2:b5:ba:dc:dc:6d:c3:bc:dd:08:4d:0b:9f:8d:
         0a:5b:01:78:95:67:6e:12:ed:40:24:3f:7d:93:60:9f:26:48:
         52:8f:4a:34:b1:44:d3:fb:c2:1b:01:b4:5c:f8:a8:b7:c7:1a:
         7a:6c:f0:ed:ab:9b:52:2a:ad:92:9b:23:5c:bd:c4:34:46:0a:
         de:d3:be:68:36:34:6c:e3:88:62:dd:ad:76:0e:37:cf:40:02:
         74:12:8e:bc:1b:b5:8f:1b:26:01:55:33:da:89:02:ac:9e:5b:
         fc:10:d1:d2:1d:ac:41:ca:9e:7b:11:13:22:d3:41:74:88:32:
         62:75:cb:1e:0c:9f:2f:5c:3b:77:19:4a:48:8d:24:4a:c2:98:
         69:44:57:25:a3:64:2b:91:47:ea:de:d2:0d:7f:d3:44:95:04:
         02:ac:64:db:42:a4:69:94:8d:20:5b:48:53:07:fa:03:01:58:
         eb:ab:ee:08:02:42:fd:56:7a:df:d7:6b:c6:a6:53:fa:72:7e:
         12:88:3c:8a:1e:76:73:3e:6c:8e:ad:fc:6b:53:7a:7f:ec:bb:
         99:91:09:47:74:74:50:d5:47:49:82:51:12:13:e3:71:a8:45:
         b8:60:60:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAaLfNZU3WA2gErRYWJDyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwN2YzZGFiYWVlMjRmYzQzYjg2NWFhZmEzZjNjOWMyZjM2
NGJmYzkwHhcNMjQwMTAyMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTY2MmRjZTFmN2I2MzljNDljOTZiZWYzYjZiNTE0NGExZDM0OTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEdfr4he0iGIohDePXsZ6eALcDAi
Uhe8ZXK1bPNULSswp95OvIdGSIw2Cm0oinnx4anrnaOgYB+2eP0kogInkt5qwcWQ
odju/jeIKgRRuBjB/dTrbaJIu7WXoQs5XqjNMosCjvodOrTrwL/XpWdMZsxecskM
A8ELrQRZ5eKjpgwmOjuB7WyK1zlrDQPVhpRfyUmuynthHRMKsQ7oGc4V/G6YEqUi
rRjY+f7+f+HLfaQ/amSlO0QsUbP14ddJ2lAchLSENpXoihexPka/p27grgvwjyxK
S7zC51VSs0vLK9J+KxQxKQrPO+0piK05Dw24TgBr+ou3K3/9tWpUjipekwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFmLc4fe2OcSclr7ztrUUSh00kSMB8GA1UdIwQY
MBaAFHB/Pauu4k/EO4Zar6PzycLzZL/JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0g4OXE2N2lUOFE3aGxxdm9fUEp3dk5rdjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi84OGNjNTAtMjI3My00NWZmLWFkYjUt
ZWNjZDY2NWYxZjAzLzEvY1dZdHpoOTdZNXhKeVd2dk8ydFJSS0hUU1JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi84OGNjNTAtMjI3My00NWZmLWFkYjUtZWNjZDY2NWYxZjAz
LzEvY0g4OXE2N2lUOFE3aGxxdm9fUEp3dk5rdjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwReoMA0G
CSqGSIb3DQEBCwUAA4IBAQC3+Z33SG6JAm5l1N2l1x2Zut9Bhh8PsrW63Nxtw7zd
CE0Ln40KWwF4lWduEu1AJD99k2CfJkhSj0o0sUTT+8IbAbRc+Ki3xxp6bPDtq5tS
Kq2SmyNcvcQ0Rgre075oNjRs44hi3a12DjfPQAJ0Eo68G7WPGyYBVTPaiQKsnlv8
ENHSHaxByp57ERMi00F0iDJidcseDJ8vXDt3GUpIjSRKwphpRFclo2QrkUfq3tIN
f9NElQQCrGTbQqRplI0gW0hTB/oDAVjrq+4IAkL9Vnrf12vGplP6cn4SiDyKHnZz
PmyOrfxrU3p/7LuZkQlHdHRQ1UdJglESE+NxqEW4YGBJ
-----END CERTIFICATE-----